CVE-2014-5120: Input Validation
First published: Sat Aug 23 2014(Updated: )
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | =5.4.0 | |
| PHP | =5.4.0-beta2 | |
| PHP | =5.4.0-beta2 | |
| PHP | =5.4.0-rc2 | |
| PHP | =5.4.1 | |
| PHP | =5.4.2 | |
| PHP | =5.4.3 | |
| PHP | =5.4.4 | |
| PHP | =5.4.5 | |
| PHP | =5.4.6 | |
| PHP | =5.4.7 | |
| PHP | =5.4.8 | |
| PHP | =5.4.9 | |
| PHP | =5.4.10 | |
| PHP | =5.4.11 | |
| PHP | =5.4.12 | |
| PHP | =5.4.12-rc1 | |
| PHP | =5.4.12-rc2 | |
| PHP | =5.4.13 | |
| PHP | =5.4.13-rc1 | |
| PHP | =5.4.14 | |
| PHP | =5.4.14-rc1 | |
| PHP | =5.4.15 | |
| PHP | =5.4.15-rc1 | |
| PHP | =5.4.16-rc1 | |
| PHP | =5.4.17 | |
| PHP | =5.4.18 | |
| PHP | =5.4.19 | |
| PHP | =5.4.20 | |
| PHP | =5.4.21 | |
| PHP | =5.4.22 | |
| PHP | =5.4.23 | |
| PHP | =5.4.24 | |
| PHP | =5.4.25 | |
| PHP | =5.4.26 | |
| PHP | =5.4.27 | |
| PHP | =5.4.28 | |
| PHP | =5.4.29 | |
| PHP | =5.4.30 | |
| PHP | =5.4.31 | |
| PHP | =5.5.0 | |
| PHP | =5.5.0-alpha1 | |
| PHP | =5.5.0-alpha2 | |
| PHP | =5.5.0-alpha3 | |
| PHP | =5.5.0-alpha4 | |
| PHP | =5.5.0-alpha5 | |
| PHP | =5.5.0-alpha6 | |
| PHP | =5.5.0-beta1 | |
| PHP | =5.5.0-beta2 | |
| PHP | =5.5.0-beta3 | |
| PHP | =5.5.0-beta4 | |
| PHP | =5.5.0-rc1 | |
| PHP | =5.5.0-rc2 | |
| PHP | =5.5.1 | |
| PHP | =5.5.2 | |
| PHP | =5.5.3 | |
| PHP | =5.5.4 | |
| PHP | =5.5.5 | |
| PHP | =5.5.6 | |
| PHP | =5.5.7 | |
| PHP | =5.5.8 | |
| PHP | =5.5.9 | |
| PHP | =5.5.10 | |
| PHP | =5.5.11 | |
| PHP | =5.5.12 | |
| PHP | =5.5.13 | |
| PHP | =5.5.14 | |
| PHP | =5.5.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2014-1327.html
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- https://bugs.php.net/bug.php?id=67730
- https://support.apple.com/HT204659
Frequently Asked Questions
What is the severity of CVE-2014-5120?
CVE-2014-5120 has a medium severity level as it may allow file overwrite attacks.
How do I fix CVE-2014-5120?
To fix CVE-2014-5120, upgrade PHP to version 5.4.32 or 5.5.16 or later.
What versions of PHP are affected by CVE-2014-5120?
CVE-2014-5120 affects PHP versions 5.4.x prior to 5.4.32 and 5.5.x prior to 5.5.16.
What types of attacks can exploit CVE-2014-5120?
CVE-2014-5120 can be exploited to overwrite arbitrary files through crafted input to specific image processing functions.
Are there any workarounds for CVE-2014-5120?
Workarounds for CVE-2014-5120 include validating and sanitizing input paths, though upgrading is the best solution.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/php
- canonical/php
- version/php/5.4.0
- version/php/5.4.0-beta2
- version/php/5.4.0-rc2
- version/php/5.4.1
- version/php/5.4.2
- version/php/5.4.3
- version/php/5.4.4
- version/php/5.4.5
- version/php/5.4.6
- version/php/5.4.7
- version/php/5.4.8
- version/php/5.4.9
- version/php/5.4.10
- version/php/5.4.11
- version/php/5.4.12
- version/php/5.4.12-rc1
- version/php/5.4.12-rc2
- version/php/5.4.13
- version/php/5.4.13-rc1
- version/php/5.4.14
- version/php/5.4.14-rc1
- version/php/5.4.15
- version/php/5.4.15-rc1
- version/php/5.4.16-rc1
- version/php/5.4.17
- version/php/5.4.18
- version/php/5.4.19
- version/php/5.4.20
- version/php/5.4.21
- version/php/5.4.22
- version/php/5.4.23
- version/php/5.4.24
- version/php/5.4.25
- version/php/5.4.26
- version/php/5.4.27
- version/php/5.4.28
- version/php/5.4.29
- version/php/5.4.30
- version/php/5.4.31
- version/php/5.5.0
- version/php/5.5.0-alpha1
- version/php/5.5.0-alpha2
- version/php/5.5.0-alpha3
- version/php/5.5.0-alpha4
- version/php/5.5.0-alpha5
- version/php/5.5.0-alpha6
- version/php/5.5.0-beta1
- version/php/5.5.0-beta2
- version/php/5.5.0-beta3
- version/php/5.5.0-beta4
- version/php/5.5.0-rc1
- version/php/5.5.0-rc2
- version/php/5.5.1
- version/php/5.5.2
- version/php/5.5.3
- version/php/5.5.4
- version/php/5.5.5
- version/php/5.5.6
- version/php/5.5.7
- version/php/5.5.8
- version/php/5.5.9
- version/php/5.5.10
- version/php/5.5.11
- version/php/5.5.12
- version/php/5.5.13
- version/php/5.5.14
- version/php/5.5.15